Cyber-Safety Basics: Protect Passwords


Protect Passwords

Why should you protect passphrases/passwords? Because they can be used to:

  • Gain access to your computer, online bank and credit accounts, health records, or grades and financial aid information on MyUCDavis.
  • Open new accounts under your name or charge purchases to your bank accounts or credit cards without your knowledge.
  • Access programs, files and applications that only you and/or a selected group of others should have access to.
  • Change passphrases/passwords and lock you out of your own accounts.

To protect your passphrases/passwords:

  • Create strong passphrases that are at least 12 characters long and use a combination of character types (e.g., upper- and lower-case letters, numbers and punctuation).
  • Don’t use your campus password for any off-campus accounts.
  • If you have many passwords and are tempted to reuse them across several accounts, consider using a password manager instead. Password managers employ a master password to keep track of all of your passwords, and the best ones (such as KeePass or LastPass, both free) can generate long, complex passwords that are relatively hard to crack. Then keep your master password really, really safe.
  • Use complex passwords. Using similar words across different accounts—such as jaguar, leopard, and tiger—doesn’t gain you much security.
  • Avoid obvious password hints. Anyone can click the “forgot password” prompt and pretend to be you. So don’t use hints like “campus building whose name starts with an M.”
  • Be creative with password-reset questions. Hackers can learn facts about you online, such as your pet’s name or your favorite foods. So, confound them. If you use “name of pet” and “favorite food” reset questions, for example, mix up the answers: say your pet is “rainbow sushi rolls” and your favorite food is “Spike.”
  • If your service allows it, consider resetting your password via other methods, such as a text message or an automated phone call.
  • Consider two-factor authentication. This option requires your password and a secondary sign-on method. It’s especially useful for accounts with sensitive personal information or links to your money.
  • Don’t write down passphrases/passwords on a Post-it under your keyboard, on your monitor or in a drawer near your computer. Never share your passphrases/passwords with anyone via email or telephone.
  • Don’t fall for email scams that threaten to close your account if you don’t confirm your passphrases/passwords, even if the email appears to be from UC Davis. These are phishing scams. UC Davis will never ask you to share your passphrase. For more about phishing, see http://security.ucdavis.edu/antiphishing. If you think you’ve responded to a phishing scam, contact the IT Express Computing Services Help Desk at 530-754-4357.

To manage and/or change your campus passwords, go to: